x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.

Recent Releases

0.6.130 Apr 2017 13:04major bugfix:
Show usage/help output if a parameter without option or if an invalid or unknown option is passed. Do not abort on first inaccessible directory or file, but walk through all. Print actual system specific default values in "--help" output. Excluded further Root CA bundle "ca-bundle.legacy.crt". Excluded entitlement/subscription related certificate files as created by Candlepin and Katello (e.g. RHEL, Red Hat Satellite).